Is SSL required to use the google plus api

google-plus, oauth

Im fairly new to Oauth2.0.
I wanted to start using the Google Plus api.

I used the following resources

"Using OAuth 2.0 to Access Google APIs" documentation.

Google Plus Oauth Api scope key
(https://www.googleapis.com/auth/plus.me).

After playing with curl and having success with other "scope keys" . I encountered the following error with the google plus scope (https://www.googleapis.com/auth/plus.me).

"Token invalid – AuthSub token has wrong scope"

Then i found the solution Google’s OAuth Pain: Token invalid – AuthSub token has wrong scope

It pointed out the following:

if you’re getting a “Token Invalid – AuthSub token has wrong scope”
error when you’re trying to use OAuth (or even AuthSub for that
matter?), make sure the scope you’re requesting is using the same
protocol as you’re using

I did what he said , took the "s" off the scope "

http://www.googleapis.com/auth/plus.me

But now it gives me this error

enter image description here

Does this mean that your site MUST use SSL?

Thanks for the feedback.

EDIT: Turns out i was using the wrong api
Should be https://www.googleapis.com/plus/v1/people/me?access_token=xxxx

Best Solution

Your site doesn't need to use SSL but all calls it makes to the Google+ API must use HTTPS. See: http://developers.google.com/+/api/oauth for more information about OAuth scopes in Google+